PITTは電話パスワードの盗難を防止(PITT PREVENTS POTENTIAL PHONE PASSWORD PLUNDE

ad
ad

PITTの電気・コンピュータエンジニアが、Android携帯電話のハードウェアセキュリティの脆弱性を発見 Pitt Electrical and Computer Engineers Uncover Hardware Security Vulnerability on Android Phones

2022-04-01 ピッツバーグ大学(PITT)

PITTが主導した最近の研究によると、一部のAndroidスマートフォンに搭載されているGPU(Graphics Processing Unit)を使用すると、ユーザーがスマートフォンのオンスクリーンキーボードを使用して認証情報を入力する際に、その情報を盗聴することができ、ハッキングの有効なターゲットとなることが判明しました。

<関連情報>

スマートフォンのGPUサイドチャネルを経由したユーザー認証情報の盗聴について Eavesdropping user credentials via GPU side channels on smartphones

Boyuan Yang,Ruirong Chen,Kai Huang,Jun Yang,Wei Gao
ACM Journals Published:28 February 2022
https://doi.org/10.1145/3503222.3507757

ABSTRACT

Graphics Processing Unit (GPU) on smartphones is an effective target for hardware attacks. In this paper, we present a new side channel attack on mobile GPUs of Android smartphones, allowing an unprivileged attacker to eavesdrop the user’s credentials, such as login usernames and passwords, from their inputs through on-screen keyboard. Our attack targets on Qualcomm Adreno GPUs and investigate the amount of GPU overdraw when rendering the popups of user’s key presses of inputs. Such GPU overdraw caused by each key press corresponds to unique variations of selected GPU performance counters, from which these key presses can be accurately inferred. Experiment results from practical use on multiple models of Android smartphones show that our attack can correctly infer more than 80% of user’s credential inputs, but incur negligible amounts of computing overhead and network traffic on the victim device. To counter this attack, this paper suggests mitigations of access control on GPU performance counters, or applying obfuscations on the values of GPU performance counters.

1604情報ネットワーク
ad
ad
Follow
ad
タイトルとURLをコピーしました